Researchers have discovered a new iOS bug that poses a serious threat because it tricks people into sharing their iCloud passwords. The bug relies on a flaw in the Mail app, which fails to strip code out of incoming email. The exploit downloads a special form from a remote server that looks very similar to the iCloud login prompt, and it replaces the original email message with remote HTML content.

Apple iOS Bug Tricks Users Into Sharing iCloud Password

Apple’s iOS bug issue

Such exploits can be programmed once to show the password prompt. They work by using the autofocus feature to cover up the dialogue field.

All a hacker must do to launch an attack is send an email containing an HTML tag to the target. The hacker must also have an internet-connected computer that serves the fake login prompt. The Mail app’s browser embeds the image into the email in a way that does not look similar to the original. The vulnerability can also send beacons back to senders to let them know who viewed the emails, along with the view dates and locations.
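On the defensive side, a mail gateway can flag the traits described above before a message reaches the device. The following is an added example, not code from the researchers or from Apple; the indicator names, the sample messages and the rule that any non-link attribute holding an http(s) URL counts as a remote reference are assumptions of this sketch.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser

URL = re.compile(r"https?://", re.I)

class MailHtmlAudit(HTMLParser):
    """Collects the indicators the article describes from one HTML body."""
    def __init__(self):
        super().__init__()
        self.findings = set()

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.findings.add("form")
        if tag == "input" and attrs.get("type", "").lower() == "password":
            self.findings.add("password-field")
        if "autofocus" in attrs:
            self.findings.add("autofocus")
        for name, value in attrs.items():
            # Ordinary hyperlinks are expected in mail; any other attribute
            # pointing at a server means content is fetched or posted remotely.
            if not (tag == "a" and name == "href") and URL.search(value):
                self.findings.add("remote-reference")

def audit_message(raw):
    """Return the sorted indicators found across all text/html parts."""
    msg = message_from_string(raw, policy=policy.default)
    audit = MailHtmlAudit()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            audit.feed(part.get_content())
    audit.close()
    return sorted(audit.findings)

def looks_like_credential_prompt(raw):
    """A password field inside an email body is never legitimate."""
    return "password-field" in audit_message(raw)

def sample(body):
    # Constructed test message, not real traffic.
    return ("From: sender@example.invalid\nSubject: constructed sample\n"
            "MIME-Version: 1.0\nContent-Type: text/html; charset=utf-8\n\n" + body)

PROMPT = sample('<form action="https://example.invalid/c">'
                '<input type="password" autofocus></form>')
BEACON = sample('<p>Hi</p><img src="https://example.invalid/p.gif" width="1">')
PLAIN = sample('<p>Hi, see <a href="https://example.invalid/">this</a></p>')
```

A message that only trips `remote-reference` is a tracking beacon candidate rather than a fake prompt, so the two cases can be routed to different policies.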

How users can prevent attacks

In order to prevent attacks from hackers, users should always press the cancel button and avoid entering login information when given unexpected login prompts. If the user enters a password, they should do it when the emails are not displayed. To find a false prompt, the user should press the home button. If the user’s device displays the main screen upon pressing the home button, the prompt is fake.

The bug was first brought to the attention of Apple earlier this year, but the Cupertino-based tech giant has yet to do anything about it.

In other Apple news, the tech giant recently unveiled a significant update to iOS 9 that includes ad-blocking features. AdBlock Plus recently voiced a complaint regarding Apple’s update as it could easily replace its service.

via: ArsTechnica